
webServer tomcat 5 / tomcat6 / tomcat7

Popularity: 2908   Published: 2013-09-11 17:59:56.0

Jakarta Tomcat 5

http://mirrors.ccs.neu.edu/Apache/dist/tomcat/tomcat-5/

http://archive.apache.org/dist/jakarta/tomcat-5/

http://tomcat.apache.org/

http://labs.xiaonei.com/ (Apache download mirror maintained by Xiaonei)

http://tomcat.apache.org/download-55.cgi

http://apache.mirror.phpchina.com/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26.zip

http://apache.mirror.phpchina.com/tomcat/tomcat-5/v5.5.26/bin/apache-tomcat-5.5.26-admin.zip

http://tomcat.apache.org/download-60.cgi

http://apache.mirror.phpchina.com/tomcat/tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.zip

http://tomcat.apache.org/download-native.cgi

http://apache.mirror.phpchina.com/tomcat/tomcat-connectors/native/1.1.14/binaries/win32/

http://apache.mirror.phpchina.com/tomcat/tomcat-connectors/native/1.1.16/binaries/win32/

http://tomcat.apache.org/download-connectors.cgi

http://apache.mirror.phpchina.com/tomcat/tomcat-connectors/

http://apache.mirror.phpchina.com/tomcat/tomcat-connectors/jk/binaries/win32/jk-1.2.26/

Tomcat 5: adding the administration console

http://localhost:8080/admin

Administration: Tomcat's administration web application is no longer installed by default. Download and install the "admin" package to use it.

Add a Tomcat Administration username

D:\Program Files\Apache Software Foundation\apache-tomcat-5.5.28\conf\tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
<!--add admin console here -->
<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="" roles="admin,manager"/>
<!--add admin console here -->
</tomcat-users>

Add the Tomcat Administration Application configuration

D:\Program Files\Apache Software Foundation\apache-tomcat-5.5.28\conf\Catalina\localhost\admin.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements. See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License. You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!--
  Context configuration file for the Tomcat Administration Web App
  $Id: admin.xml 565211 2007-08-13 00:09:38Z markt $
-->
<Context docBase="${catalina.home}/server/webapps/admin" privileged="true"
         antiResourceLocking="false" antiJARLocking="false">
  <!-- Uncomment this Valve to limit access to the Admin app to localhost
       for obvious security reasons. Allow may be a comma-separated list of
       hosts (or even regular expressions).
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127.0.0.1"/>
  -->
</Context>

Add the Tomcat Administration Application

http://labs.xiaonei.com/apache-mirror/tomcat/tomcat-5/v5.5.28/bin/apache-tomcat-5.5.28-admin.zip

D:\Program Files\Apache Software Foundation\apache-tomcat-5.5.28\server\webapps\admin

Tomcat 6: configuring Tomcat Manager

http://localhost:8080/manager

401 Unauthorized

You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file will contain the credentials to let you use this webapp.

You will need to add manager role to the config file listed above. For example:

<role rolename="manager"/>
<user username="tomcat" password="s3cret" roles="manager"/>

For more information - please see the Manager App HOW-TO.

Edit the file: D:\Program Files\apache-tomcat-6.0.20\conf\tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="" roles="admin,manager"/>
</tomcat-users>

Tomcat 7: adding and configuring the web management console. Note whether you download the 32-bit or 64-bit version. This also applies to apache-tomcat-6.0.32.

http://hi.baidu.com/everything%5Fis%5Ftruth/blog/item/cc115910616ecad5a6ef3f07.html

Edit the file D:\soft\apache-tomcat-7.0.22\conf\tomcat-users.xml

<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="tomcat" password="s3cret" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-script,admin-gui"/>
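
A defender-side check for the tomcat-users.xml files shown in the Tomcat 5, 6 and 7 sections above, as an added example that is not part of the original page: it flags manager/admin accounts with an empty password, a password equal to the username, a documented sample password or a short password, and users that combine manager-gui with manager-script or manager-jmx. The sample XML is constructed, and the password list and 12-character minimum are assumptions.

```python
import xml.etree.ElementTree as ET

# Role names as used on this page: Tomcat 5.5/6 ("manager", "admin") and
# the Tomcat 7 split roles ("manager-gui", "admin-script", ...).
PRIVILEGED_EXACT = {"manager", "admin"}
PRIVILEGED_PREFIXES = ("manager-", "admin-")
# Passwords that appear in documentation or on this page (assumed list, extend it).
SAMPLE_PASSWORDS = {"tomcat", "s3cret", "admin", "password", "changeit"}
MIN_LENGTH = 12  # assumed local policy, not a Tomcat setting

# Constructed sample that mirrors the credential patterns shown on this page.
SAMPLE_TOMCAT_USERS = """<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="" roles="admin,manager"/>
  <user username="tomcat" password="s3cret" roles="manager-gui,manager-script,manager-jmx"/>
  <user username="probe" password="probe" roles="admin,manager"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="ops" password="Xq7!vR2#mLp9zT4w" roles="manager-status"/>
</tomcat-users>
"""


def _local(tag):
    """Strip an XML namespace so files that declare xmlns on <tomcat-users> also parse."""
    return tag.rsplit("}", 1)[-1]


def privileged_roles(roles_attr):
    """Return the roles from a comma-separated list that grant manager/admin access."""
    roles = [r.strip() for r in (roles_attr or "").split(",") if r.strip()]
    return [r for r in roles if r in PRIVILEGED_EXACT or r.startswith(PRIVILEGED_PREFIXES)]


def audit_tomcat_users(xml_text):
    """Return (username, issue) tuples for every privileged account with a weak setup."""
    findings = []
    for el in ET.fromstring(xml_text.strip()).iter():
        if _local(el.tag) != "user":
            continue
        # Older files use name= instead of username=; accept both.
        user = el.get("username") or el.get("name") or ""
        password = el.get("password") or ""
        roles = privileged_roles(el.get("roles"))
        if not roles:
            continue  # unprivileged application accounts are out of scope here
        if password == "":
            findings.append((user, "empty-password"))
        else:
            if password.lower() == user.lower():
                findings.append((user, "password-equals-username"))
            if password.lower() in SAMPLE_PASSWORDS:
                findings.append((user, "documented-sample-password"))
            if len(password) < MIN_LENGTH:
                findings.append((user, "short-password"))
        # Tomcat's manager documentation advises against giving manager-script or
        # manager-jmx to a user that also has manager-gui (CSRF protection).
        if "manager-gui" in roles and {"manager-script", "manager-jmx"} & set(roles):
            findings.append((user, "gui-and-script-roles-combined"))
    return findings


if __name__ == "__main__":
    for user, issue in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        print(f"{user}: {issue}")
```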

Tomcat 5: configuring a project located outside webapps

File:

D:\tomcat5\conf\Catalina\localhost\workorder.xml

Content:

<Context path="/workorder" docBase="D:\workspace\order\WebRoot" reloadable="true"/>

URL: http://localhost:8585/workorder

Tomcat 5: viewing concurrent connections

http://localhost:8585/manager/status/

http://localhost:8585/manager/status/all

http://192.168.157.87:8080/manager/status?XML=true

http8585

Max threads: 150 Min spare threads: 0 Max spare threads: 0 Current thread count: 3 Current thread busy: 1 Keeped alive sockets count: 0
Max processing time: 265 ms Processing time: 0.451 s Request count: 4 Error count: 0 Bytes received: 0.00 MB Bytes sent: 0.06 MB

Tomcat startup analysis, startup scripts, class loaders

Startup analysis: http://docs.huihoo.com/apache/tomcat/heavyz/01-startup.html

Startup scripts: http://docs.huihoo.com/apache/tomcat/heavyz/02-catalina.sh.html

Class loaders: http://docs.huihoo.com/apache/tomcat/heavyz/03-classloader.html

Tomcat 6: installing as a Windows service

http://guyongpeng.iteye.com/blog/176914

Install the Tomcat service

D:\Program Files\apache-tomcat-6.0.20\bin>service.bat install
Installing the service 'Tomcat6' ...
Using CATALINA_HOME:    D:\Program Files\apache-tomcat-6.0.20
Using CATALINA_BASE:    D:\Program Files\apache-tomcat-6.0.20
Using JAVA_HOME:        D:\Program Files\jdk1.6.0_16
Using JVM:              D:\Program Files\jdk1.6.0_16\jre\bin\server\jvm.dll
The service 'Tomcat6' has been installed.

D:\Program Files\apache-tomcat-6.0.20\bin>net start Tomcat6
Apache Tomcat 6 服务正在启动 ..
Apache Tomcat 6 服务已经启动成功。

D:\Program Files\apache-tomcat-6.0.20\bin>service.bat install lindows
Installing the service 'lindows' ...
Using CATALINA_HOME:    D:\Program Files\apache-tomcat-6.0.20
Using CATALINA_BASE:    D:\Program Files\apache-tomcat-6.0.20
Using JAVA_HOME:        D:\Program Files\jdk1.6.0_16
Using JVM:              D:\Program Files\jdk1.6.0_16\jre\bin\server\jvm.dll
The service 'lindows' has been installed.

D:\Program Files\apache-tomcat-6.0.20\bin>net start lindows
Apache Tomcat lindows 服务正在启动 .
Apache Tomcat lindows 服务已经启动成功。

Uninstall the Tomcat service

D:\Program Files\apache-tomcat-6.0.20\bin>service.bat remove

D:\Program Files\apache-tomcat-6.0.20\bin>service.bat remove tomcat6

More generally, to register an arbitrary Java application as a Windows service, you can use the wrapper tool.

Tomcat Cluster (server clustering)

http://blog.chinaunix.net/u1/34716/showart_276614.html

http://server.chinabyte.com/392/2632892.shtml

http://albertsong.iteye.com/blog/271235

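Session not synchronized when clustering Apache with Tomcat

http://www.iteye.com/topic/21449

@robbin

1. A Tomcat instance has to identify itself in the response, via the jvmRoute parameter in server.xml.
2. Apache has to extract the route information from the request. From which HEAD? That is specified by the stickysession parameter.
3. How does Apache forward? That is specified by the route parameter.
One last reminder: the session stickiness of Apache 2.2's load balancing does not perform well, because it distributes requests at the layer-7 protocol level. My test results show that it is not very stable. For a Tomcat cluster, the best approach is SNA (Share Nothing Architecture), where the application simply does not use sessions at all; only then can it scale without limit.

@codeutil

mod_jk should have been retired long ago; use modajp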

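Clustering and load balancing with Apache and Tomcat

http://hqjiang.iteye.com/blog/261107

This article is largely based on "Easily implementing Apache and Tomcat clustering and load balancing" and was written up from my own hands-on experience. I ran into some discrepancies, and in a few places I followed my own habits, so to some extent I could not preserve the original text in full; I ask the original author's forgiveness.

Because the original contains many screenshots, readers who do not want to try this themselves right now but want to see the configured result can consult the original.

I: Software environment
   1. Apache: apache 2.0.55 (download via http://httpd.apache.org/) (click to download apache 2.0.55)
   2. Tomcat: Tomcat 5.5.25 (download via http://tomcat.apache.org/) (click to download the Tomcat 5.5.25 zip)
   3. mod_jk: on the page http://tomcat.apache.org/, follow the Tomcat Connectors link under the Download heading (click to download mod_jk-apache-2.0.55.so). It looks like a Unix/Linux shared library but is actually a Win32 DLL; the extension was presumably kept so that configuration stays consistent across platforms.

II: Load balancing

III: Configuring the cluster

nginx + Tomcat cluster load balancing (with session replication)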

http://blog.chinaunix.net/u2/83793/showart_1354266.html

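Reference links:
Configuring multiple Tomcat instances on Linux, explained
http://linux.chinaitlab.com/administer/747294.html
Two ways to run multiple Tomcat instances
http://blog.csdn.net/hansoft/archive/2006/04/01/647060.aspx
Implementing multiple Tomcat instances behind Apache
http://blog.chinaunix.net/u/2914/showart_1162420.html
Configuring Apache + Tomcat virtual hosts with multiple instances
http://hi.baidu.com/xerik/blog/item/ab69b1513a44ea8e8d54304b.html

Tomcat 6: data source and connection pool configuration

Using a JNDI data source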

http://weixuezheng1986-163-com.iteye.com/blog/561305

http://www.blogjava.net/ec2008/archive/2008/07/19/216063.html

project:test

Driver path:

D:\workspace\test\WebRoot\WEB-INF\lib\ojdbc14.10g.jar

Datasource config

D:\tomcat6.0\conf\server.xml

<GlobalNamingResources>

<!-- The data source parameters are configured here in Tomcat's global connection pool -->

  <Resource
    name="jdbc/oracle"
    type="javax.sql.DataSource"
    maxActive="4"
    maxIdle="2"
    username="scott"
    maxWait="5000"
    driverClassName="oracle.jdbc.driver.OracleDriver"
    validationQuery="select 1 from dual"
    password="tiger"
    url="jdbc:oracle:thin:@localhost:1521:orcl"/>

</GlobalNamingResources>

JNDI config

D:\workspace\test\WebRoot\WEB-INF\web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

 <!-- Add the application's JNDI configuration here -->

 <resource-ref>
  <description>DB Connection</description>

  <!-- JNDI name -->
  <res-ref-name>jdbc/oracle</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Application</res-auth>
 </resource-ref>

 <!-- Alternative: the same resource with res-auth Container; a web.xml should declare only one resource-ref per name -->
 <resource-ref>
  <description>DB Connection</description>
  <res-ref-name>jdbc/oracle</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
 </resource-ref>

</web-app>

Tomcat 6: data source and connection pool configuration (method 2)

project:test

Driver path:

D:\workspace\test\WebRoot\WEB-INF\lib\ojdbc14.10g.jar

Datasource config

D:\tomcat6.0\conf\Catalina\localhost\test.xml

D:\tomcat6.0\conf\context.xml

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/test" docBase="D:\workspace\test\WebRoot" reloadable="true">

<!-- The data source parameters are configured here in a connection pool local to this context -->
  <Resource name="jdbc/oracle"
      type="javax.sql.DataSource"
      username="scott"
      password="tiger"
      driverClassName="oracle.jdbc.OracleDriver"
      validationQuery="select 1 from dual"
      maxIdle="2"
      maxWait="5000"
      url="jdbc:oracle:thin:@localhost:1521:orcl"
      maxActive="4"/>

</Context>

page test ok

D:\workspace\test\WebRoot\index.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
 String path = request.getContextPath();
 String basePath = request.getScheme() + "://"
   + request.getServerName() + ":" + request.getServerPort()
   + path + "/";
%>

<%@ page import="java.sql.*"%>
<%@ page import="javax.naming.*"%>
<%@ page import="javax.sql.*"%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
 <head>
  <base href="<%=basePath%>">

  <title>tomcat datasource test</title>
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="expires" content="0">
  <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
  <meta http-equiv="description" content="This is my page">
  <!--
 <link rel="stylesheet" type="text/css" href="styles.css">
 -->
 </head>

 <body>
  <%
   Connection conn = null;
   Statement stmt = null;
   ResultSet rs = null;
   try {
    Context initContext = new InitialContext();
    // "java:/comp/env" or "java:/comp/env/" is the fixed JNDI prefix
    Context envContext = (Context) initContext
      .lookup("java:/comp/env/");
    DataSource ds = (DataSource) envContext.lookup("jdbc/oracle");
    // Method 2
    //DataSource ds = (DataSource) initContext.lookup("java:/comp/env/jdbc/oracle");

    conn = ds.getConnection();
    stmt = conn.createStatement();
    rs = stmt.executeQuery("select * from dept");

    out.println("结果集是否为空:" + (rs == null) + "<p>");

    while (rs.next()) {
     String deptno = rs.getString(1);
     String dname = rs.getString(2);
     String loc = rs.getString(3);
     out.println("\t部门编号:" + deptno + "\t部门名称:" + dname + "    地点:"
       + "\t" + loc + "<p>");
    }
   } finally {
    out.println("finally");
    // Close in a finally block so the connection returns to the pool even if the query fails
    try {
     if (rs != null) {
      rs.close();
     }
     if (stmt != null) {
      stmt.close();
     }
     if (conn != null) {
      conn.close();
     }
    } catch (SQLException e2) {
     e2.printStackTrace();
    }
   }
  %>
 </body>
</html>

Tomcat virtual host configuration

http://absolute007.iteye.com/blog/175902

Step 1:

Add the following to tomcat/conf/server.xml
  <Host name="jsp" debug="0" appBase="E:\My Documents\myeclipse_workspace">
        <Context path="" docBase="." debug="0"/>
  </Host>
Step 2:
On Windows XP, find the hosts file in
\WINDOWS\system32\drivers\etc\

This file has no extension and can be created by hand. Append the following:
127.0.0.1       localhost
127.0.0.1       jsp

Step 3:

Enter in the browser

http://jsp:8008/jspsqltest/WebRoot/test.jsp

All done

Tomcat 5 tuning

http://liliugen.iteye.com/blog/265422

http://liliugen.iteye.com/blog/265506


http://japi.iteye.com/blog/261586

java.lang.OutOfMemoryError: PermGen space

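Tomcat maximum connections configuration

http://maqianli.iteye.com/blog/298619

This is configured in server.xml.
<Connector port="8080"
    maxThreads="150"
    minSpareThreads="25"
    maxSpareThreads="75"
    acceptCount="100"
    />
maxThreads="150"       at most 150 connections are handled concurrently
minSpareThreads="25"   this many idle threads are kept waiting even when nobody is using the server
maxSpareThreads="75"   at most 75 idle threads are kept; for example, if 80 users connect at some moment and then nobody does, Tomcat does not keep 80 idle threads but closes 5 of them

acceptCount="100"      once the number of simultaneous connections reaches maxThreads, further connections can still be queued; connections beyond this queue length are refused outright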

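Comparison of the pros and cons of three load-balancing approaches for a Tomcat cluster.

http://wangdei.iteye.com/blog/205947
1. DNS round robin.
2. Apache R-proxy.
3. Apache mod_jk.

The drawback of DNS round robin is that when one server in the cluster stops, users cannot reach the service because of DNS caching,
and have to wait until DNS resolution is updated or that server is restarted.
In addition, the service ports of every server in the cluster must be exposed to the outside, which is less secure than putting Apache in front as a proxy,
and it consumes many public IP addresses. Tomcat also has to serve static web resources, which hurts efficiency.
The advantage is that the cluster configuration is the simplest, and the DNS setup is also very simple.

The drawback of R-proxy is that when one of the Tomcats stops running, Apache still forwards requests to it, resulting in 502 gateway errors.
Once the server is started again, however, the problem goes away.

The advantage of mod_jk is that Apache automatically detects a stopped Tomcat and no longer sends requests to it.
The drawback is that when the stopped Tomcat server is started again, Apache does not detect it and still does not forward requests to it.

The shared advantage of R-proxy and mod_jk is that only Apache needs to be placed on the public network, saving public IP addresses.
Apache can be configured to handle static pages exclusively, leaving Tomcat to handle dynamic requests such as JSPs and servlets.
The shared drawback: if the front-end Apache proxy server stops running, none of the cluster's services can be reached from outside.
For static page requests, both R-proxy and mod_jk can be configured to get as close to optimal as possible.
All three approaches fall somewhat short of ideal load balancing; mod_jk is relatively better, since the lbfactor parameter can be set to apportion requests.

In practice, the choice among these should be made according to the specific situation.

Checking locally whether remote port 8080 is open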
C:\Documents and Settings\Lindows>telnet 192.168.118.168 8000

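Resolving a Tomcat port 8080 conflict, method 1 (Windows)

http://inshect.iteye.com/blog/343057

At the DOS prompt, enter the following and look up the PID (system process ID) for the conflicting port number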

C:\Documents and Settings\Lindows>netstat -help

C:\Documents and Settings\Lindows>netstat -b

C:\Documents and Settings\Lindows>netstat -ano > c:\netstat.txt

See which PID is occupying port 0.0.0.0:80.
Find the program with that PID in Task Manager.
If the PID column is not shown on the Processes tab of Task Manager,
enable it under View > Select Columns in the Task Manager menu. Then end the program that owns that PID.

Resolving a Tomcat port 8080 conflict, method 2 (Windows, restart)

A simple, handy way to check port usage from the Windows command line
http://freeman983.iteye.com/blog/349971
Run in a Windows command prompt window:
C:\>netstat -ano | findstr "8080"

C:\>netstat -ano | findstr 8080
TCP    127.0.0.1:4444         0.0.0.0:0              LISTENING       2434
From the above, the port is held by the process with PID 2434. Next run:
C:\>tasklist | findstr "2434"

C:\>tasklist | findstr 2434
javaw.exe                     2434 Console                 0     16,064 K
c:\>taskkill /f /im javaw.exe
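
Why matching the port exactly matters, as an added example that is not from the original post: `findstr 8080` is a substring match, so it also returns lines where 8080 is a PID, a remote port, or part of another port such as 18080. The netstat output below is constructed and the function names are hypothetical.

```python
# Constructed `netstat -ano` output: only PID 2434 actually listens on TCP 8080.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       8080
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2434
  TCP    0.0.0.0:18080          0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:50123     10.0.0.5:8080          ESTABLISHED     4012
  TCP    [::]:8080              [::]:0                 LISTENING       2434
  UDP    0.0.0.0:8080           *:*                                    5100
"""


def substring_matches(netstat_text, needle):
    """Reproduce what `findstr <needle>` returns: every line containing the text."""
    return [line for line in netstat_text.splitlines() if needle in line]


def listeners_on_port(netstat_text, port):
    """Return the sorted PIDs of TCP sockets in LISTENING state on exactly `port`."""
    pids = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; UDP rows (no state) and headers are skipped.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _proto, local, _foreign, state, pid = fields
        if state != "LISTENING" or not pid.isdigit():
            continue
        # rpartition keeps IPv6 forms such as [::]:8080 intact.
        _host, sep, local_port = local.rpartition(":")
        if sep and local_port == str(port):
            pids.add(int(pid))
    return sorted(pids)


if __name__ == "__main__":
    print("findstr-style matches:", len(substring_matches(SAMPLE_NETSTAT, "8080")))
    print("PIDs listening on 8080:", listeners_on_port(SAMPLE_NETSTAT, 8080))
```

With the PID in hand, `taskkill /f /pid 2434` ends only that process, whereas `/im javaw.exe` ends every javaw.exe on the machine.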

Resolving a Tomcat port 8080 conflict, method 3 (Linux, restart)

http://www.blogjava.net/baizhihui19870626/articles/375249.html

# Scan for the ports currently open on this machine and their service names

[root@Loadrunner_19 vsftpd]# nmap localhost

[root@Loadrunner_19 vsftpd]# nmap -p 0-65535 localhost

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-09-28 15:32 CST

mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers
Interesting ports on Loadrunner_19 (127.0.0.1):
Not shown: 1673 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
631/tcp  open  ipp
666/tcp  open  doom
6000/tcp open  X11

# Scan a range of machines (Windows or Linux) for open ports and their service names

[root@Loadrunner_19 vsftpd]# nmap -PT 192.168.157.87-100

# Scan a single machine (Windows or Linux) for open ports and their service names

[root@Loadrunner_19 vsftpd]# nmap -PT 192.168.157.87

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-09-28 15:47 CST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers
Interesting ports on 192.168.157.87:
Not shown: 1668 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
23/tcp   open  telnet
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
3389/tcp open  ms-term-serv
5001/tcp open  commplex-link
5002/tcp open  rfe
5003/tcp open  filemaker
6000/tcp open  X11
MAC Address: 00:50:56:9D:1C:D4 (VMWare)
Nmap finished: 1 IP address (1 host up) scanned in 1.527 seconds

# It turns out that Tomcat's port 8080 conflicts with a custom vsftpd port 8080

[root@Loadrunner_19 vsftpd]# netstat -apln | grep 8080

tcp        0      0 0.0.0.0:8080                 0.0.0.0:*                   LISTEN      6630/vsftpd

# Use lsof to see the running service and its process ID

[root@Loadrunner_19 vsftpd]# lsof -i :8080
COMMAND  PID USER   FD   TYPE  DEVICE SIZE NODE NAME
vsftpd  6867 root    3u  IPv4 1338173       TCP *:ftp (LISTEN)

# Look up the vsftpd process ID and kill it

[root@Loadrunner_19 vsftpd]# kill -9 6630

tcp        0      0 0.0.0.0:8080                 0.0.0.0:*                   LISTEN      6630/vsftpd

Introduction to three ways of connecting Apache HTTP Server and Tomcat

Liu Dong (javayou@gmail.com), development engineer, January 15, 2007

http://www.ibm.com/developerworks/cn/opensource/os-lo-apache-tomcat/index.html

Tomcat SSL OpenSSL 443

Finally got SSL configured for the Tomcat web server on Windows

http://albertsong.iteye.com/blog/198344

http://www.myssl.cn/guide/install_openssl.asp

Tomcat 6: configuring SSL mutual (two-way) authentication

http://www.openssl.cn/

http://www.openssl.org/

http://baike.baidu.com/view/300712.htm

http://tech.techweb.com.cn/thread-226423-1-2.html

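Secure programming with the OpenSSL API

http://www.ibm.com/developerworks/cn/linux/l-openssl.html

Generating PEM files with openssl to set up a CA

http://ideage.iteye.com/blog/356915

Article 1: http://blog.chinaunix.net/u/11234/showart_290705.html

Article 2: http://blog.chinaunix.net/u/11234/showart_291316.html

A concise openssl usage guide

http://firefly.iteye.com/blog/177544

A brief walk-through of using openssl to generate a CA certificate, request a certificate, issue a certificate and revoke a certificate
1. First create the CA key:
openssl genrsa -des3 -out ca.key 1024 (create the key)
chmod 400 ca.key (restrict permissions so that only root can access it)
openssl rsa -noout -text -in ca.key (view the created certificate)
2. Self-sign the CA certificate with the CA key:
openssl req -config openssl.cnf -new -x509 -days 3650 -key ca.key -out ca.crt
chmod 400 ca.crt (restrict permissions so that only root can access it)
openssl x509 -noout -text -in ca.crt (view the created certificate)
3. Create the server certificate signing request:
openssl genrsa -des3 -out client.key 1024
chmod 400 client.key (restrict permissions so that only root can access it)
openssl rsa -noout -text -in client.key (view the created certificate)
4. Generate the certificate signing request:
openssl req -config openssl_client.cnf -new -key client.key -out client.csr
openssl req -noout -text -in client.csr (view the created request)
5. Sign the certificate:
The openssl configuration file has to be set up first.
Modify openssl.cnf and create the corresponding directories and files according to this configuration file.
After creating the serial file, you also need to add the current octal serial number, e.g. 01
Then run:
openssl ca -config openssl_client.cnf -keyfile ca.key -cert ca.crt -in client.csr -out client.pem -days 1095
This certificate is in BASE64 form; it has to be converted to PKCS12 before it can be installed in IE/NETSCAPE, so also run:
openssl pkcs12 -export -in client.pem -inkey client.key -out clinet.pfx
6. Revoking a certificate:
openssl ca -keyfile ca.key -cert ca.crt -revoke client.pem
The database is now updated and the certificate is flagged as revoked; a new certificate revocation list has to be generated:
openssl ca -gencrl -keyfile ca.key -cert ca.crt -out crl/test.crl
View the certificate revocation list:
openssl crl -noout -text -in crl/test.crl
For the certificate revocation list file to be usable on a web site, crldays or crlhours and crlexts must be added to the certificate:
openssl ca -gencrl -config /etc/openssl.cnf -crldays 7 -crlexts crl_ext -out crl/sopac-ca.crl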

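Error ssl_error_rx_record_too_long when the virtual directory is not on port 80 and SSL is enabled

[Error] If the site URL is http://ip:port/ and SSL is then enabled on the site, accessing https://ip:port/ in a browser produces the following error: SSL received a record that exceeded the maximum permissible length. Error code: ssl_error_rx_record_too_long

[Cause]:

SSL listens on port 443 of the web server by default, so an SSL access produces a request of the form http://ip:443/, which conflicts with the port in http://ip:port/.

[Therefore]: for https access, the web server itself locates the site on which SSL is enabled (once SSL is enabled, the site automatically listens on 443).

Fix: when accessing https://ip:port/ the port can be omitted, e.g. https://ip/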

http://msn.ynet.com/view.jsp?oid=48723368+

javax.servlet.ServletException: Node with number 0 does not exist.

http://msn.sports.ynet.com/2008/view.jsp?oid=42362690

javax.servlet.ServletException: Node with number 42362690 does not exist.

[Problem]

2009-3-12 15:06:31 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
严重: An incompatible version 1.1.1 of the Apache Tomcat Native library is installed, while Tomcat requires version 1.1.3
2009-3-12 15:06:31 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
信息: An older version 1.1.1 of the Apache Tomcat Native library is installed, while Tomcat recommends version greater than 1.1.4
2009-3-12 15:06:31 org.apache.coyote.http11.Http11AprProtocol init

Solution

http://tomcat.heanet.ie/native/1.1.8/binaries/win32/

http://topic.csdn.net/u/20080605/14/68376d57-bb1b-4b45-a489-13aa722f2e67.html

Download http://tomcat.heanet.ie/native/1.1.8/binaries/win32/tcnative-1.dll (current version 1.1.8)
1. Put the file in C:\WINDOWS\system32, or in D:\tomcat5.5\bin; that is how I solved it.
2. Put it in the bin directory of the JDK that the PATH environment variable points to, for example C:\Java\jdk1.5.0_09\bin

Apache Tomcat Log

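Rotating Tomcat's catalina.out log into one file per day

http://www.sbear.cn/archives/367

Tomcat's catalina.out keeps growing, and once it gets too large it can cause Tomcat to misbehave.

The log needs to be rotated into one file per day, and files older than 7 days deleted.

#!/bin/bash
# Rotate catalina.out daily and delete the copy made 7 days ago.
cd "$(dirname "$0")" || exit 1
d=$(date +%Y%m%d)
d7=$(date -d '7 day ago' +%Y%m%d)
# Stop if the logs directory is missing, so nothing is truncated or removed elsewhere.
cd ../logs/ || exit 1
# Copy, then truncate in place: Tomcat keeps the file open, so it must not be moved.
# Lines written between the cp and the truncate are lost.
cp catalina.out "catalina.out.${d}"
: > catalina.out
rm -f "catalina.out.${d7}"

Put it in Tomcat's bin directory and run it daily from crontab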

Tomcat APR (Apache Portable Runtime)

ref

http://redalx.iteye.com/blog/162246

http://blog.csdn.net/tingya/archive/2006/04/15/664304.aspx

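Put simply, APR is about having Tomcat use JNI to read files and perform network transfers, improving Tomcat's I/O efficiency

APR can greatly improve Tomcat's performance when serving static files, and if you use HTTPS it can also improve SSL processing performance.

doc

http://apr.apache.org/

http://tomcat.apache.org/tomcat-5.5-doc/apr.html

http://tomcat.apache.org/tomcat-6.0-doc/apr.html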

down

http://tomcat.heanet.ie/native/

http://tomcat.heanet.ie/native/1.1.9/binaries/win32/tcnative-1.dll

setup for Windows

Download the precompiled binary DLL http://tomcat.heanet.ie/native/1.1.9/binaries/win32/tcnative-1.dll directly to enable APR in Tomcat

setup for linux

On Linux, you can unpack and install the tomcat_native.tar.gz file in the bin directory. Make sure the APR library is installed before compiling. To install:

# ./configure --with-apr=/usr/local/apr
# make
# make install

After a successful install, an environment variable still has to be set for Tomcat, by adding one line to catalina.sh:

CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib"

How can you tell whether Tomcat has APR enabled? Look at Tomcat's startup log

If APR is not enabled, the startup log normally contains this line:

org.apache.coyote.http11.Http11Protocol start

If APR is enabled, this log line becomes:


Once APR is in use, the HTTPS configuration also has to change if HTTPS is used. openssl is needed to generate the certificate files.

<!-- ssl for apr -->
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false"
SSLEngine="on"
SSLCertificateFile="..\conf\ca\server.crt"
SSLCertificateKeyFile="..\conf\ca\server.key" />
Compiling on Linux
cd apache-tomcat-5.5.14/bin/tomcat-native-1.1.1/jni/native/
./configure --with-apr=/usr/bin/apr-1-config --with-java-home=/usr/java/jdk1.5.0_06/
make
make install
In bin/catalina.sh
add
CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib"

Apache Tomcat commercial deployments list

Apache Tomcat/5.5.23  Apache/2.0.61 (Unix) DAV/2 PHP/5.2.4 Server at msn.ent.ynet.com Port 80 http://msn.ent.ynet.com/photo.jsp?eid=57080047&bid=20331162&ofs=5&max=2

http://taobao.ent.ynet.com/photo.jsp?eid=49540108 502 Proxy Error Apache/2.0.61 (Unix) DAV/2 Server at taobao.ent.ynet.com Port 80

Nanjing Public Security Bureau exception
http://202.102.89.2/njga/addin/register/mainregister.jsp

HTTP Status 500 -


type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: Request[/persionRegister] does not contain handler parameter named 'method'.  This may be caused by whitespace in the label text.
	org.apache.struts.actions.DispatchAction.unspecified(DispatchAction.java:215)
	org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:249)
	org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:187)
	org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
	org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
	org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
	org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	com.opensymphony.webwork.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:177)
	com.opensymphony.webwork.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:78)
	cn.myapps.base.web.filter.PersistenceFilter.doFilter(PersistenceFilter.java:29)
	cn.myapps.base.web.filter.SecurityFilter.doFilter(SecurityFilter.java:109)

note The full stack trace of the root cause is available in the Apache Tomcat/6.0.14 logs.


Apache Tomcat/6.0.14

http://photograph.baihe.com/photograph/uploadFile.do;jsessionid=E6483BF8E57118CF4E21CF7F8C6DD18C

Apache Tomcat/5.5

javax.servlet.ServletException: Processing of multipart/form-data request failed. Read timed out
org.apache.commons.fileupload.FileUploadException: Processing of multipart/form-data request failed. Read timed ou

Tomcat: enabling gzip compression

http://bsb654321.iteye.com/blog/649053

In the file tomcat/conf/server.xml,
add the compression settings (the last four attributes below, shown in red in the original) to enable compressed transfer:
      <Connector port="8080" address="${jboss.bind.address}"
         maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
         emptySessionPath="true"
         enableLookups="false" redirectPort="8443" acceptCount="100"
         connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"
         compression="on"
         compressionMinSize="2048"
         noCompressionUserAgents="gozilla, traviata"
         compressableMimeType="application/java-archive,application/octet-stream,text/vnd.sun.j2me.app-descriptor,application/octet-stream, application/x-msdownload, image/png, image/gif, text/plain"
/>
compression              the on/off switch
noCompressionUserAgents  browsers for which compression is not used
compressionMinSize       output size above which compression is applied; the default here is 2KB
compressableMimeType     MIME types of the files to compress
Add the following configuration to tomcat/webapps/<project>/WEB-INF/web.xml

       <mime-mapping>
              <extension>conf</extension>
              <mime-type>text/plain</mime-type>
       </mime-mapping>
       <mime-mapping>
              <extension>CONF</extension>
              <mime-type>text/plain</mime-type>
       </mime-mapping>
       <mime-mapping>
              <extension>ini</extension>
              <mime-type>text/plain</mime-type>
       </mime-mapping>
       <mime-mapping>
              <extension>INI</extension>
              <mime-type>text/plain</mime-type>
       </mime-mapping>
    <mime-mapping>
        <extension>png</extension>
        <mime-type>image/png</mime-type>
    </mime-mapping>
       <mime-mapping>
        <extension>PNG</extension>
        <mime-type>image/png</mime-type>
    </mime-mapping>
       <mime-mapping>
        <extension>gif</extension>
        <mime-type>image/gif</mime-type>
    </mime-mapping>
       <mime-mapping>
        <extension>GIF</extension>
        <mime-type>image/gif</mime-type>
    </mime-mapping>
       <mime-mapping>
              <extension>json</extension>
              <mime-type>text/plain</mime-type>
       </mime-mapping>
       <mime-mapping>
              <extension>JSON</extension>
              <mime-type>text/plain</mime-type>
       </mime-mapping>
       <mime-mapping>
              <extension>xml</extension>
              <mime-type>text/xml</mime-type>
       </mime-mapping>
       <mime-mapping>
              <extension>XML</extension>
              <mime-type>text/xml</mime-type>
       </mime-mapping>
       <mime-mapping>
              <extension>dll</extension>
              <mime-type>application/x-msdownload</mime-type>
       </mime-mapping>
       <mime-mapping>
              <extension>DLL</extension>
              <mime-type>application/x-msdownload</mime-type>
       </mime-mapping> 

Monitoring Tomcat with LambdaProbe: memory parameters explained

http://bbs.51testing.com/viewthread.php?tid=165106
tomcat monitor: JavaMelody / LambdaProbe
http://jackyrong.iteye.com/blog/692004
I previously introduced JavaMelody, a good and very full-featured tool for monitoring applications. This time I introduce a somewhat smaller one, designed specifically for Tomcat. Here is how to use it:
1. Download:
http://www.lambdaprobe.org/downloads/1.7/probe.1.7b.zip
2. After unpacking, put probe.war under Tomcat's webapps and set up the context in server.xml
3. Set up the users as follows, in tomcat-users.xml
   vi /usr/local/tomcat/conf//tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
        <role rolename="manager"/>
        <role rolename="standard"/>
        <role rolename="tomcat"/>
        <role rolename="admin"/>
        <role rolename="role1"/>
        <user username="tomcat" password="tomcat" roles="tomcat"/>
        <user username="both" password="tomcat" roles="tomcat,role1"/>
        <user username="probe" password="probe" roles="admin,manager"/>
        <user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
4. Set the environment variable used to obtain server status
# vi /etc/profile
JAVA_OPTS=-Dcom.sun.management.jmxremote
export JAVA_OPTS
5. Restart the server
6. Open http://localhost/probe/ and enter the username and password
7. You are in. The highlight here is the memory monitoring, which shows dynamic charts of JVM memory

http://jackyrong.iteye.com/blog/731308
I saw this tool recommended on the JavaEye home page today, had a look, and it is good:
JavaMelody can monitor Java or Java EE application servers in QA and in real production environments. It displays as charts: Java memory and Java CPU usage, the number of user sessions, the number of JDBC connections, and the execution counts, mean execution times and error percentages of HTTP requests, SQL requests, JSP pages and business interface methods (EJB3, Spring, Guice). Charts can be viewed by day, week, month, year or a custom period.
Configuration is as follows:
1. Download the zip archive from http://code.google.com/p/javamelody/downloads/list
2. Unpack it and copy javamelody.war to the Tomcat deployment directory
3. Add the following to the web.xml of the project to be monitored
<filter>
        <filter-name>monitoring</filter-name>
        <filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
</filter>
<filter-mapping>
        <filter-name>monitoring</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
        <listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>

It is then ready to use; for more detail see:
http://liuyes.iteye.com/blog/691752

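Configuring SSL mutual authentication on Tomcat 6 on Linux for secure HTTPS access

http://ml365.iteye.com/blog/850001
1 Tools used:
apache-tomcat-6.0.29
jdk1.6.23
2 Process overview:
2.1 On our server, use the JDK tool keytool to generate a key pair and a personal certificate (in effect the certificate request file, .csr). This yields two files on our side: tian.cer (the exported personal certificate) and tian.csr (the certificate signing request file).
2.2 Send the generated tian.csr to the CA. From it they generate and return the following files:
Tian.crt (our server's digital certificate after certification), Ct2.crt (the Telecom root certificate), test.p12 (a personal certificate with private key). Explanation:
The root certificate (ct2.crt) is used to trust the web site; the personal certificate (test.p12) is used to prove one's identity to the web site. Two-way. Tomcat installs ct2.crt and tian.crt, which proves Tomcat's identity to the client;
the client installs ct2.crt and test.p12, which proves its identity to the Tomcat server. tian.crt is our server's certificate; ct2.crt is the root certificate; test.p12 is the client's personal certificate. tian.crt is certified by the ct2.crt root certificate; test.p12 is also certified by the ct2.crt root certificate.
2.3 Add the ct2.crt and tian.crt sent by the CA to our Tomcat so that the server trusts the certificates.
2.4 Edit Tomcat's server.xml configuration file and set up HTTPS.
2.5 Each visiting SP (browser) first places ct2.crt in the browser's trusted root store and then installs and imports the personal certificate (test.p12). After that it can access our address https://IP:8443.
3 Procedure:
3.1 Generate the key pair and personal certificate
Command: $ keytool -genkey -alias tian -keyalg RSA
3.2 Export the personal certificate
Command: keytool -export -alias tian -file tian.cer
Output: 输入keystore密码:
保存在文件中的认证 <tian.cer>
3.3 Write out the certificate signing request file (.csr)
Command: keytool -certreq -file tian.csr -alias tian
Output: 输入keystore密码:
3.4 Import the root certificate first
Command: keytool -import -v -trustcacerts -file ct2.crt -alias ct2_root
信任这个认证? [否]:  Y
认证已添加至keystore中
[正在存储 /home/tomcat/.keystore]
3.5 Import the CA-certified certificate (tian.crt)
Command: keytool -import -v -file tian.crt -alias tian
Output:
输入keystore密码:
认证回复已安装在 keystore中
[正在存储 /home/tomcat/.keystore]
3.6 Configure Tomcat:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="/home/tomcat/.keystore"
               keystorePass="password"
               truststoreFile="/home/tomcat/.keystore"
               truststorePass="password"
               clientAuth="true" sslProtocol="TLS" />
3.7 Install the personal certificate and root certificate on the client
3.8 Accessing https://IP:8443 brings up a prompt asking you to submit your personal certificate. Mutual authentication works!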

Tomcat HTTPS configuration

http://haoningabc.iteye.com/blog/906890

Reposted from http://www.chinaunix.net/jh/13/456376.html
http://andyj.iteye.com/blog/176470
keytool -genkey -alias tomcat -keyalg RSA -keystore test.keystore
Generates awcloud.keystore. Note: the first user name must be the local computer name, not an IP; enter CN for the country
keytool -list -keystore keystore

View
keytool -certreq -keyalg RSA -alias tomcat -file test.csr -keystore test.keystore

Generates test.csr
http://www.verisign.com/server2/trial/faq/index.html
Free 30-Day SSL Trial
VeriSign SSL Test Certificate: click TRY
Enter your e-mail address, continue
Server platform: choose apache
Paste Certificate Signing Request (CSR): enter the contents of test.csr
After receiving the e-mail, follow the link and save test.cer
keytool -import -alias root -keystore test.keystore -trustcacerts -file root.cer
keytool -

Tomcat: increasing/viewing JVM memory

http://gqsunrise.iteye.com/blog/1176768

Windows, method 1: edit tomcat/bin/catalina.bat and add the line set JAVA_OPTS=-Xms256m -Xmx1024m

Linux: edit tomcat/bin/catalina.sh and add JAVA_OPTS="-Xms256m -Xmx1024m"

http://localhost:8080/server-status Select "Server Status" to see the JVM's memory usage

tomcat7 exception

http://10.21.142.105:8080/sam-web/j_security_check

HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
--------------------------------------------
type Status report
message The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
description The client did not produce a request within the time that the server was prepared to wait (The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser).
--------------------------------------------
Apache Tomcat/7.0.29

end
